To combat the increasing threat from Phishing and from Spear Phishing, we are adding a new tag to email that arrives from outside of Purchase College. Beginning Tuesday October 16th all external email will have this phrase inserted above the content:

< - - MESSAGE FROM AN EXTERNAL SENDER - - >

A note that a message is from “outside” is becoming an increasingly common practice – serving as a reminder that more care should be taken in handling the content.

There have been several recent incidents of Spear Phishing here at Purchase. In those cases, the perpetrators established external email accounts with the display name of campus personnel.

Unless you read the actual email address, it may appear that a familiar campus name sent the message.This “EXTERNAL” flag will also help in those cases.

Our colleagues upstate at SUNY will have all of their messages flagged, but looking into the body of their messages, you will see that many of them are flagging external messages in the same manner.

If your office uses 3rd party services that send email to the Purchase community members, let the community know that messages from “3rdPartyService@vendor.com”are legitimate messages. Describe the service and the communications that the community might expect to see from that vendor on your web page or in an email blast.

Lastly, please use your Purchase College email for all official communications.Someone recently forwarded a message containing official college business they received from outlook-D0614C02523B9977@outlook.com- with the display name of a Purchase faculty member, which should - and did - raise suspicions.

++++++++++++++++++++++

Please make time to complete the annual mandatory annual Securing the Human Security Awareness Training, and always think twice before you click.